In this blog, we are going to discuss Microsoft 365 Company branding. When we look at the login experience in Microsoft 365 in Azure, we must agree that they all look the same for every single tenant. In a previous version, you would see a highway in California, and in the modern experience, it’s actually a view from the mountain’s top.
In this blog, I am going to show you how the login experience can help your end-users protect themselves by identifying phishing attacks. With Phishing attacks, people are led to a fake login page that looks identical to the real one. People enter their username and password and that’s how attackers gain access to their credentials.
However, if you change the login experience the fake login page will be different significantly from the real one, and that way your users can identify a phishing attack very easily.
So, Let’s get started!
How to apply corporate identity/branding on Microsoft Login Screens?
First, you need a Microsoft Azure Active Directory. You’ll have this automatically when you set up a client with Microsoft Online, whether in Microsoft O365 or Microsoft Azure.
We’ll now make the alterations in the Microsoft Azure Portal. There we’ll apply Company Branding on Microsoft login screens. Please go to your Microsoft Azure portal: https://portal.azure.com
So today we are going to be looking at how you can personalize the Microsoft 365 login screen. So, this is the standard screen when you go to https://portal.office.com, it comes up with:
Sign in with your work or school account, and you’ll alter this to be your business. Logo at the top or text to do with your helpdesk or something like that and you’ll have your own logo over here.
So for example when I type in my email address, firstname.lastname@example.org, go to the next screen, it knows that I am a part of Al Rafay Consulting, LLC.
Now, I show you how you can change your own branding. So, we are going to log in here to Microsoft 365 intranet portal. Please confirm you’re logged in as administrator.
So, when I sign in, I am taken to Microsoft 365 Portal. Then click on the App Launcher at the top click admin and it is going to take you here (Admin Centre):
Then we’re going to go over to Azure AD. Because Azure AD is what let us customize the branding for Microsoft 365. It is technically a separate subscription, but Azure AD is the service that runs the identities in Microsoft 365. So, issues similar to branding of the login screen or User Security or the multi-factor authentication. And it does a lot of more things but we’re only going to discuss the branding right now.
To access the Azure AD admin center, click on Show all in the left menu in the Microsoft 365 portal. And then click on Azure Active Directory. So, you’ll be greeted with a screen that looks like this.
On the dashboard screen, click on the menu (top left corner), select Azure Active Directory and choose Company Branding. Click on configure.
So, this is where your corporate branding pictures are required:
Please make note of the following while adding/updating company branding:
Sign-page background image: This is the large image displayed on the Azure AD sign-in page. It will scale and crop to fill the available space in the browser window.
- Image size: 1920x1080px
- File size: <300KB
- File type: PNG, JPG, or JPEG.
Banner logo: The banner logo is displayed on the Azure AD & Microsoft 365 sign-in page when users sign in with an account.
- Image size: 280x60px
- File size: 10KB
- File type: Transparent PNG, JPG, or JPEG
Username Hint: Customizes the hint text in the username input field. If guest users sign into your app, we recommend that you do not set this.
Sign-in page text: You can add sign-in page text with some contact information from your helpdesk.
Advanced settings: Square logo: The square logo is used to represent user accounts in your organization, on Azure AD web UI, and in Windows 10 Enterprise users when they log in for the first time.
- Image size: 240x240px (resizable)
- Max file size: 50 kb
- File type: PNG (preferred), JPG, or JPEG
Click save and it will update tenant branding. So, now we are done.
The new login screen is going to be available to your users immediately. Open a new incognito session in your browser to check the results
If this process creates your first custom branding configuration, it becomes the default for your tenant. If you have additional configurations, you’ll be able to choose your default configuration.
So, in my opinion, it’s a very cool feature, easy to use and when you have a Microsoft 365 it is included along with Azure Active Directory Subscription. I will highly recommend adding your company branding in your Microsoft 365 login experiences to help protect the users from phishing attacks.
In case you need any help regarding Microsoft identity management, feel free to contact us 24/7.
Al Rafay Consulting is always eager to help enterprises solve technology challenges with the Microsoft stack expertise.
For further queries, comment your questions below.